fix(cert-manager): Do validation earlier, and add missing `---` before PodMonitor, causing objects to merge (#7787)

* WIP fix secret of clusterissuer not found * bump * Whoooops
2023-03-11 16:49:28 +02:00 · 2023-03-11 16:49:28 +02:00 · 784a8346c0
parent ee2146782a
commit 784a8346c0
3 changed files with 20 additions and 15 deletions
--- a/charts/enterprise/cert-manager/Chart.yaml
+++ b/charts/enterprise/cert-manager/Chart.yaml
@ -21,7 +21,7 @@ sources:
  - https://github.com/truecharts/charts/tree/master/charts/enterprise/cert-manager
  - https://cert-manager.io/
 type: application
-version: 1.0.8
+version: 1.0.9
 annotations:
  truecharts.org/catagories: |
    - core
--- a/charts/enterprise/cert-manager/templates/_metrics.tpl
+++ b/charts/enterprise/cert-manager/templates/_metrics.tpl
@ -1,5 +1,6 @@
 {{- define "certmanager.metrics" -}}
 {{- if .Values.customMetrics.enabled }}
+---
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
--- a/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl
+++ b/charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl
@ -1,5 +1,11 @@
 {{- define "certmanager.clusterissuer.acme" -}}
 {{- range .Values.clusterIssuer.ACME }}
+
+  {{- $validTypes := list "HTTP01" "cloudflare" "route53" -}}
+  {{- if not (mustHas .type $validTypes) -}}
+    {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
+  {{- end -}}
+  {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@ -22,15 +28,15 @@ spec:
          email: {{ .email }}
         {{- if .cfapitoken }}
          apiTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: cf-api-token
         {{- else if .cfapikey }}
          apiKeySecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: cf-api-key
-         {{ else }}
-         {{- fail "A cloudflare API key or token is required" }}
-         {{- end }}
+         {{- else -}}
+          {{- fail "A cloudflare API key or token is required" -}}
+         {{- end -}}
      {{- else if eq .type "route53" }}
        route53:
          region: {{ .region }}
@ -45,18 +51,18 @@ spec:
        akamai:
          serviceConsumerDomain: {{ .serviceConsumerDomain }}
          clientTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: akclientToken
          clientSecretSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: akclientSecret
          accessTokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: akaccessToken
      {{- else if eq .type "digitalocean" }}
        digitalocean:
          tokenSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: doaccessToken
      {{- else if eq .type "rfc2136" }}
        rfc2136:
@ -64,18 +70,16 @@ spec:
          tsigKeyName: {{ .tsigKeyName }}
          tsigAlgorithm: {{ .tsigAlgorithm }}
          tsigSecretSecretRef:
-            name: {{ .name }}-clusterissuer-secret
+            name: {{ $issuerSecretName }}
            key: rfctsigSecret
-      {{- else }}
-      {{- fail "No correct ACME type entered..." }}
-      {{- end }}
+      {{- end -}}
    {{- end }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  namespace: cert-manager
-  name: {{ .name }}-clusterissuer-secret
+  name: {{ $issuerSecretName }}
 type: Opaque
 stringData:
  cf-api-token: {{ .cfapitoken | default "" }}